Atmosphere Conference 2015: Taming the Modern Datacenter

TAMING THE MODERN DATA CENTERA  Hybrid  Talk  for  a  Hybrid  World

SETH VARGO @sethvargo

DC EVOLUTION How  did  we  get  here?

RISING DATACENTER COMPLEXITY

DC

RISING DATACENTER COMPLEXITY

DC

RISING DATACENTER COMPLEXITY

DC

VM

VMVM

VM VM

VMVM

VM VM

VMVM

VM VM

VMVM

VM

RISING DATACENTER COMPLEXITY

DC

VM

VMVM

VM VM

VMVM

VM VM

VMVM

VM VM

VMVM

VMC C

C CC C

C C

C CC C

C C

C CC C

C C

C CC C

C C

C CC C

C C

C CC C

C C

C CC C

C C

C CC C

C C

C CC C

C C

C CC C

C C

C CC C

C C

C CC C

C C

C CC C

C C

C CC C

C C

C CC C

C C

C CC C

RISING DATACENTER COMPLEXITY

DC DNS

Database

CDN

RISING DATACENTER COMPLEXITY

DC-01 DC-02

RISING DATACENTER COMPLEXITY

DC-01 DC-02

VM

VMVM

VM VM

VMVM

VMC C

C CC C

C C

C CC C

C C

C CC C

C C

C CC C

RISING DATACENTER COMPLEXITY

IaaS PaaS SaaS

RISING DATACENTER COMPLEXITY

TAMING THE DC Deployment  +  Maintenance

PREVIOUSLY The  APUD  cycle

ACQUIRE PROVISION UPDATE DESTROY

ACQUIRE PROVISION UPDATE DESTROY

G’UVENDOR

ACQUIRE PROVISION UPDATE DESTROY

G U’U ’UVENDOR DC OPS

ACQUIRE PROVISION UPDATE DESTROY

G U’U ’U U’UVENDOR DC OPS SYSADMIN

ACQUIRE PROVISION UPDATE DESTROY

G U’U ’U U’U U’UVENDOR DC OPS SYSADMIN DC OPS

ACQUIRE PROVISION UPDATE DESTROY

VENDOR DC OPS SYSADMIN DC OPS

WEEKS DAYS DAYS DAYSc c c c

PRESENTLY The  elasBc  compute  and  _aaS  era

ACQUIRE PROVISION UPDATE DESTROY

WEEKS DAYS DAYS DAYSc c c c

ElasBc  Compute

ACQUIRE PROVISION UPDATE DESTROY

WEEKS DAYS DAYS DAYSc c c c

ElasBc  Compute

ACQUIRE PROVISION UPDATE DESTROY

MINUTES DAYS DAYS SECONDSc c c c

ElasBc  Compute

CapEx#

OpEx#

_aaS

ACQUIRE PROVISION UPDATE DESTROY

DAYS DAYSc c

ConfiguraBon  Management

MINUTES SECONDSc c

ACQUIRE PROVISION UPDATE DESTROY

DAYS DAYSc c

ConfiguraBon  Management

MINUTES SECONDSc c

ACQUIRE PROVISION UPDATE DESTROY

MINUTES SECONDSc c

ConfiguraBon  Management

MINUTES SECONDSc c

ACQUIRE PROVISION UPDATE DESTROY

SaaS  ProliferaBon

ACQUIRE PROVISION UPDATE DESTROY

https://specialized.com

RISING DATACENTER COMPLEXITY

DC DNS

Database

CDNVM

VMVM

VM VM

VMVM

VMC C

C CC C

C C

C CC C

C C

C CC C

WHY? What  was  our  original  goal?

EFFECTIVELY  DELIVER AND  MAINTAIN  APPLICATIONS

MOVE  FAST AND  DON’T  BREAK  THINGS

h-ps://d250n10lsq5j8r.cloudfront.net/assets/atlas/runAme-­‐develop-­‐icon-­‐color-­‐

ebf4ccf5f2ca3513e495bccbe9320d45.png

Consistent

Shareable

Readily Available

High production parity

h-ps://d250n10lsq5j8r.cloudfront.net/assets/atlas/runAme-­‐

deploy-­‐icon-­‐color-­‐1c39f618b3b5ead204

dda4646bb2410e.pngStart and configure servers / services

Deploy and run application

Update servers or applications

Reconfigure, feature flag

Monitor health

Orchestrate complex changes

DEVELOP DEPLOY MAINTAIN

h-ps://d250n10lsq5j8r.cloudfront.net/assets/atlas/runAme-­‐develop-­‐icon-­‐color-­‐

ebf4ccf5f2ca3513e495bccbe9320d45.png

h-ps://d250n10lsq5j8r.cloudfront.net/assets/atlas/runAme-­‐

deploy-­‐icon-­‐color-­‐1c39f618b3b5ead204

dda4646bb2410e.png

DEVELOP DEPLOY MAINTAIN

TERRAFORMBuild,  Combine,  and  Launch  Infrastructure

MOTIVATION Why  Terraform?

How  do  I  provision  resources?              compute?              storage?              network?

How  do  I  manage  resource  lifecycles?

How  do  I  balance  service  providers  providing  core  technology  for  my  datacenter?

How  do  I  enforce  policy  across  all  these  resources?

How  do  I  automate  and  share  those  configuraBons?

TERRAFORM'S  GOAL

PROVIDE A SINGLE WORKFLOW

WITH A UNIFIED VIEW

USING INFRASTRUCTURE AS CODE

THAT CAN BE ITERATED AND CHANGED SAFELY

CAPABLE OF COMPLEX N-TIER APPLICATIONS

DIGITAL OCEAN DROPLET WITH DNS USING DNS SIMPLE

resource "digitalocean_droplet" "web" { name = "tf-web" size = "512mb" image = "centos-5-8-x32" region = "sfo1"} resource "dnsimple_record" "hello" { domain = "example.com" name = "test" value = "${digitalocean_droplet.web.ipv4_address}" type = "A"}

DIGITAL OCEAN DROPLET WITH DNS USING DNS SIMPLE

resource "digitalocean_droplet" "web" { name = "tf-web" size = "512mb" image = "centos-5-8-x32" region = "sfo1"} resource "dnsimple_record" "hello" { domain = "example.com" name = "test" value = "${digitalocean_droplet.web.ipv4_address}" type = "A"}

DIGITAL OCEAN DROPLET WITH DNS USING DNS SIMPLE

resource "digitalocean_droplet" "web" { name = "tf-web" size = "512mb" image = "centos-5-8-x32" region = "sfo1"} resource "dnsimple_record" "hello" { domain = "example.com" name = "test" value = "${digitalocean_droplet.web.ipv4_address}" type = "A"}

DIGITAL OCEAN DROPLET WITH DNS USING DNS SIMPLE

resource "digitalocean_droplet" "web" { name = "tf-web" size = "512mb" image = "centos-5-8-x32" region = "sfo1"} resource "dnsimple_record" "hello" { domain = "example.com" name = "test" value = "${digitalocean_droplet.web.ipv4_address}" type = "A"}

HUMAN-FRIENDLY CONFIG*

* JSON-COMPATIBLE FOR NON-HUMANS

VCS-FRIENDLY FORMAT

ENTIRE INFRASTRUCTURE... IN A SINGLE TEXT FILE

TERRAFORM  GRAPH

COMPOSE N-TIERS / PROVIDERS

TERRAFORM  PROVIDERS

SINGLE INTEGRATION POINT

EXPOSE ("PROVIDE") A RESOURCE

EXPOSE ("PROVIDE") A RESOURCE

aws_instance

dnssimple_record

CRUD API

PLUGGABLE FOR INTEGRATIONS

C C C

C C C

VM VM VM

IAAS (OpenStack, etc)

PHYSICAL

"LAYER CAKE"

PROVIDER PER LAYER

UNIFIED CONFIGURATION

$ terraform apply

All logos and trademarks are copyright their respective owners

TERRAFORM  PLAN

$ terraform plan

+ digitalocean_droplet.web backups: "" => "<computed>" image: "" => "centos-5-8-x32" ipv4_address: "" => "<computed>" ipv4_address_private: "" => "<computed>" name: "" => "tf-web" private_networking: "" => "<computed>" region: "" => "sfo1" size: "" => "512mb" status: "" => "<computed>"

+ dnsimple_record.hello domain: "" => "example.com" domain_id: "" => "<computed>" hostname: "" => "<computed>" name: "" => "test" priority: "" => "<computed>" ttl: "" => "<computed>"

$ terraform plan

+ digitalocean_droplet.web backups: "" => "<computed>" image: "" => "centos-5-8-x32" ipv4_address: "" => "<computed>" ipv4_address_private: "" => "<computed>" name: "" => "tf-web" private_networking: "" => "<computed>" region: "" => "sfo1" size: "" => "512mb" status: "" => "<computed>"

+ dnsimple_record.hello domain: "" => "example.com" domain_id: "" => "<computed>" hostname: "" => "<computed>" name: "" => "test" priority: "" => "<computed>" ttl: "" => "<computed>"

$ terraform plan

+ digitalocean_droplet.web backups: "" => "<computed>" image: "" => "centos-5-8-x32" ipv4_address: "" => "<computed>" ipv4_address_private: "" => "<computed>" name: "" => "tf-web" private_networking: "" => "<computed>" region: "" => "sfo1" size: "" => "512mb" status: "" => "<computed>"

+ dnsimple_record.hello domain: "" => "example.com" domain_id: "" => "<computed>" hostname: "" => "<computed>" name: "" => "test" priority: "" => "<computed>" ttl: "" => "<computed>"

$ terraform plan

+ digitalocean_droplet.web backups: "" => "<computed>" image: "" => "centos-5-8-x32" ipv4_address: "" => "<computed>" ipv4_address_private: "" => "<computed>" name: "" => "tf-web" private_networking: "" => "<computed>" region: "" => "sfo1" size: "" => "512mb" status: "" => "<computed>"

+ dnsimple_record.hello domain: "" => "example.com" domain_id: "" => "<computed>" hostname: "" => "<computed>" name: "" => "test" priority: "" => "<computed>" ttl: "" => "<computed>"

+ digitalocean_droplet.web backups: "" => "<computed>" image: "" => "centos-5-8-x32" ipv4_address: "" => "<computed>" ipv4_address_private: "" => "<computed>" name: "" => "tf-web" private_networking: "" => "<computed>" region: "" => "sfo1" size: "" => "512mb" status: "" => "<computed>"

+ dnsimple_record.hello domain: "" => "example.com" domain_id: "" => "<computed>" hostname: "" => "<computed>" name: "" => "test" priority: "" => "<computed>" ttl: "" => "<computed>" type: "" => "A" value: "" => "${digitalocean_droplet.web.ipv4_address}"

+ digitalocean_droplet.web backups: "" => "<computed>" image: "" => "centos-5-8-x32" ipv4_address: "" => "<computed>" ipv4_address_private: "" => "<computed>" name: "" => "tf-web" private_networking: "" => "<computed>" region: "" => "sfo1" size: "" => "512mb" status: "" => "<computed>"

+ dnsimple_record.hello domain: "" => "example.com" domain_id: "" => "<computed>" hostname: "" => "<computed>" name: "" => "test" priority: "" => "<computed>" ttl: "" => "<computed>" type: "" => "A" value: "" => "${digitalocean_droplet.web.ipv4_address}"

SHOWS YOU WHAT WILL HAPPEN

EXPLAINS CERTAIN ACTIONS

PREVIOUSLY?

STILL UNCERTAINTY…

FUTURE OPS Managing  tomorrow’s  infrastructure

DEPLOY  IMMUTABLE INFRASTRUCTURE

CHANGES

CO

NF

IDE

NC

EMutable  Infrastructure

INTERATIONS

CO

NSI

STE

NC

YMutable  Infrastructure

INTERATIONS

CO

NSI

STE

NC

YImmutable  Infrastructure

IMMUTABLE INFRASTRUCTURE  IS FASTER

IMMUTABLE INFRASTRUCTURE  ALLOWS  FOR    GREATER PARITY

IMMUTABLE INFRASTRUCTURE  NEEDS  AUTOMATION

PACKERAutomated  Golden  Images  (and  more)

MACHINE IMAGES

YUCK…  IMAGES?

WHY  HAVE  WE  BEEN  GENERALLY AGAINST MACHINE  IMAGES?

GOLDEN IMAGES USED TO  BE  THE  WAY

QUARTERLY, UNCHANGED, AND  BLESSED IMAGE

CHANGES WERE SLOW AND FRUSTRATING

TOOLING WAS NOT MATURE COMPARED TO TODAY

MODERN CONFIG MANAGEMENT CHANGED THAT

OPS WITHOUT MACHINE IMAGES IS LIKE APPLICATIONS WITHOUT BINARIES

ApplicaBon  Lifecycle

Source Code Binary

ApplicaBon  Lifecycle

Source Code Binary

libA 1.0 libB 1.0 libC 1.0

ApplicaBon  Lifecycle

Source Code Binary

libA 2.0 libB 1.0 libC 1.0

ApplicaBon  Lifecycle

Source Code Failure

libA 2.0 libB 1.0 libC 1.0

ApplicaBon  Lifecycle

Mutable  Server  Lifecycle

New Server Ready Server

Mutable  Server  Lifecycle

New Server Ready Server

Packages Network CM Changes

Mutable  Server  Lifecycle

New Server

Network CM ChangesPackage Changes

Mutable  Server  Lifecycle

Ready Server

New Server

Network CM ChangesPackage Changes

Failure

Mutable  Server  Lifecycle

New Server

Packages CM ChangesNetwork Unreliable

Failure

Mutable  Server  Lifecycle

New Server

Packages Network CM Changed

Failure

Mutable  Server  Lifecycle

Machine  Image  Lifecycle

New Server Ready Server

Machine  Image  Lifecycle

New Server Ready Server

Machine  Image  Lifecycle

PACKER  BUILD

EMBRACES CONFIG MANAGEMENT

TRANSITIONS FAILURES FROM RUN-TIME TO BUILD-TIME

ENFORCES PARITY WITH STAGING

… AND EVEN DE ELOPMENT

WHAT DOES THE FUTURE LOOK LIKE?

AMI

DNS

Load Balancer

Deploy

OPE

RAT

OR

SD

EVEL

OPE

RS

[]

PRODUCTION

M

AMI

DNS

Load Balancer

Deploy

OPE

RAT

OR

SD

EVEL

OPE

RS

[]

PRODUCTION

MU

AMI

DNS

Load Balancer

Deploy

OPE

RAT

OR

SD

EVEL

OPE

RS

[]

PRODUCTION

MU

AMI

DNS

Load Balancer

Deploy

OPE

RAT

OR

SD

EVEL

OPE

RS

[]

PRODUCTION

MU

AMI

DNS

Load Balancer

Deploy

OPE

RAT

OR

SD

EVEL

OPE

RS

[]

PRODUCTION

MU

AMI

DNS

Load Balancer

Deploy

OPE

RAT

OR

SD

EVEL

OPE

RS

[]

PRODUCTION

MU

U

AMI

DNS

Load Balancer

Deploy

OPE

RAT

OR

SD

EVEL

OPE

RS

[]

PRODUCTION

MU

U

AMI

DNS

Load Balancer

Deploy

OPE

RAT

OR

SD

EVEL

OPE

RS

[]

PRODUCTION

MU

U

SETH VARGO @sethvargo

QUESTIONS?